File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes Web Services Certification (SCDJWS/OCEJWSD) and the fly likes configure <auth-constraint> for access control Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Certification » Web Services Certification (SCDJWS/OCEJWSD)
Bookmark "configure <auth-constraint> for access control " Watch "configure <auth-constraint> for access control " New topic

configure <auth-constraint> for access control

Himai Minh
Ranch Hand

Joined: Jul 29, 2012
Posts: 1118
From Ivan's note p.246-248, in order configure access control on the server side, the web.xml should define something like this:

The sun-web.xml should define something like this:

My question is what if there are thousands of users who are granted access control? Should we define thousands of <role-name> for <auth-contraint> and etc?
And should we define thousands of <security-role-mapping> in sun-web.xml for each <role-name> in web.xml?

Frits Walraven
Creator of Enthuware JWS+ V6
Saloon Keeper

Joined: Apr 07, 2010
Posts: 2096

You might want to read the security part from the EE6-tutorial, especially Working with Realms, Users, Groups, and Roles

Himai Minh
Ranch Hand

Joined: Jul 29, 2012
Posts: 1118
After reading the tutorial, it says to define role in the sun-web.xml , not individual users.
That makes more sense now. "Role" means the role of the individual users. Example of roles: students, admin, teacher and etc. Each student are in "students" role.
I agree. Here's the link:
subject: configure <auth-constraint> for access control
It's not a secret anymore!